mirror of
https://github.com/aaddrick/claude-desktop-debian.git
synced 2026-05-17 00:26:21 +03:00
a9719c93cc
* fix(cowork): forward CLAUDE_CODE_OAUTH_TOKEN to VM spawn env (#482) buildSpawnEnv and BwrapBackend.spawn both stripped every CLAUDE_CODE_* env var from the daemon's process.env via filterEnv(process.env, ['CLAUDE_CODE_']) -- including CLAUDE_CODE_OAUTH_TOKEN, the standard auth channel for the in-VM claude binary. The bwrap sandbox mounts home as an empty --dir, so ~/.claude/.credentials.json is inaccessible inside; env is the only viable auth path. Result: every shell tool call returned "Not logged in. Please run /login". Upstream's seA() does include the token in the spawn env it assembles, but on Linux that payload isn't reaching the daemon's params.env, so the daemon's inherited process.env is the only surviving source. Stripping it severed auth. Introduce FORWARDED_ENV_KEYS = ['CLAUDE_CODE_OAUTH_TOKEN'] plus a forwardAuthEnv helper that re-adds the token from process.env when appEnv doesn't provide one. Extract buildBaseSpawnEnv as the shared env-construction path for both spawn sites so the filter/forward logic can't drift. Diagnosis and reference diff by @pb3ck in #482. This PR extends the fix to BwrapBackend.spawn (the second call site), factors the shared helper, and adds regression coverage. Co-Authored-By: Claude <claude@anthropic.com> * refactor(cowork): fold forwardAuthEnv into buildBaseSpawnEnv The forwardAuthEnv helper had a single call site inside buildBaseSpawnEnv. Inlining the forward loop removes a layer of indirection for a private helper and consolidates the empty-string guard comment next to the code it documents. No behavior change. All 72 tests in cowork-path-translation.bats still pass, including the four #482 regression tests. Co-Authored-By: Claude <claude@anthropic.com> * docs(readme): credit @pb3ck for #482 diagnosis Co-Authored-By: Claude <claude@anthropic.com> --------- Co-authored-by: Claude <claude@anthropic.com>